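/**
 * Renders the API documentation page, listing only the endpoint methods the
 * current user's role is allowed to call.
 *
 * For every registered endpoint, the get/put/post/delete methods declared on
 * the endpoint class itself are checked against the 'remote' ACL. Each method
 * that passes is listed with its doc comment (run through _cleanComment()),
 * or a placeholder text when it has none. Endpoints left with no visible
 * method are dropped. The result is assigned to the view.
 *
 * NOTE(review): this filter only decides what gets documented. It is not an
 * access check on the API calls themselves; confirm that the API dispatcher
 * enforces the same ACL.
 *
 * @return void
 */
public function apiDocsAction()
 {
     $apiRegistry = new Ot_Api_Register();
     $endpoints = $apiRegistry->getApiEndpoints();
     $apiMethods = array('get', 'put', 'post', 'delete');
     $acl = new Ot_Acl('remote');
     $vr = new Ot_Config_Register();

     // Unauthenticated visitors, and accounts whose role cannot be resolved,
     // are documented with the configured default role.
     $defaultRole = $vr->getVar('defaultRole')->getValue();
     $role = $defaultRole;

     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         $thisAccount = $auth->getIdentity();
         $roleCount = count($thisAccount->role);

         if ($roleCount > 1) {
             // Resolve each role id of the account to its ACL role.
             $roles = array();
             foreach ($thisAccount->role as $r) {
                 $roles[] = $acl->getRole($r);
             }

             // Register one composite role that inherits from all of them,
             // so a single isAllowed() query covers the whole set.
             $role = implode(',', $roles);
             $acl->addRole(new Zend_Acl_Role($role), $roles);
         } elseif ($roleCount == 1) {
             $role = $thisAccount->role[0];
         }

         // Never query the ACL with an empty or unknown role.
         if ($role == '' || !$acl->hasRole($role)) {
             $role = $defaultRole;
         }
     }

     $data = array();

     // Endpoints are iterated by value: the original by-reference loop
     // variable was never unset and stayed bound to the last element.
     foreach ($endpoints as $e) {
         $name = $e->getName();
         $className = $e->getMethodClassname();

         // The "api" module is a placeholder; ACL resources are named
         // api_<endpoint name in lower case>.
         $aclResource = 'api_' . strtolower($name);

         $data[$name] = array('name' => $name, 'methods' => array(), 'description' => $e->getDescription());

         $reflection = new ReflectionClass($className);
         foreach ($reflection->getMethods() as $m) {
             // Only HTTP-verb methods declared on the endpoint class itself
             // (not inherited ones) are candidates.
             if (!in_array($m->name, $apiMethods, true) || $m->class != $className) {
                 continue;
             }

             if (!$acl->isAllowed($role, $aclResource, $m->name)) {
                 continue;
             }

             // getDocComment() returns false when there is no doc comment;
             // the loose comparison treats false and '' alike.
             $docComment = $m->getDocComment();
             $instructions = 'No instructions provided';
             if ($docComment != '') {
                 $instructions = $this->_cleanComment($docComment);
             }

             $data[$name]['methods'][$m->getName()] = $instructions;
         }
     }

     // Keep only the endpoints that expose at least one method to this role.
     $visible = array();
     foreach ($data as $key => $val) {
         if (count($val['methods']) != 0) {
             $visible[$key] = $val;
         }
     }

     $this->view->endpoints = $visible;
     $this->_helper->pageTitle('API Documentation');
 }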
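 /**
  * Builds the access matrix of the remote API resources for one role.
  *
  * The result is keyed as $result['api'][<endpoint name>] and holds:
  *  - 'all':         array('access' => bool, 'inheritRoleId' => id or ''),
  *                   whether a wildcard allow covers the endpoint and which
  *                   role in the chain grants it for this resource;
  *  - 'description': a fixed label;
  *  - 'part':        one entry per get/put/post/delete with 'access',
  *                   'description' and 'inheritRoleId' (the nearest ancestor
  *                   whose rule explains the access value, 0 when none).
  *
  * The ACL resource name of an endpoint is 'api_' plus its name, lower-cased.
  *
  * @param int $roleId Id of the role to report on. With 0 (the default) no
  *                    role is selected and every per-method access is false.
  * @return array The matrix described above.
  * @throws Ot_Exception When $roleId is not 0 and is not an available role.
  */
 public function getRemoteResources($roleId = 0)
 {
     $roles = $this->getAvailableRoles();

     // $hasRole replaces the original "$role != ''" test on the int 0
     // placeholder, whose result differs between PHP 7 and PHP 8.
     $role = 0;
     $hasRole = false;
     if ($roleId != 0) {
         if (!isset($roles[$roleId])) {
             throw new Ot_Exception('Requested role not found in the access list.');
         }
         $role = $roles[$roleId];
         $hasRole = true;
     }

     // Deny rules set directly on the requested role (not on its ancestors).
     $denys = array();
     if ($hasRole && isset($role['rules'])) {
         foreach ($role['rules'] as $rule) {
             if ($rule['type'] == 'deny') {
                 $denys[$rule['resource']] = $rule['privilege'];
             }
         }
     }

     $result = array();
     $register = new Ot_Api_Register();
     $endpoints = $register->getApiEndpoints();

     // The "api" key is a placeholder: no Api module exists.
     $key = "api";

     foreach ($endpoints as $endpoint) {
         $controllerName = $endpoint->getName();
         $resource = strtolower($key . '_' . $controllerName);

         // ---- Wildcard access on the endpoint as a whole -------------------
         $all = array('access' => false, 'inheritRoleId' => '');
         $allows = array();   // allow rules accumulated along the chain
         $seen = array();     // role ids already visited (cycle guard)
         $inherit = $roleId;
         $noInheritance = false;

         while (!$noInheritance) {
             $seen[$inherit] = true;

             $iAllows = array(); // allow rules of the role being visited only
             if (isset($roles[$inherit]['rules'])) {
                 foreach ($roles[$inherit]['rules'] as $rule) {
                     if ($rule['type'] == 'allow') {
                         $allows[$rule['resource']] = $rule['privilege'];
                         $iAllows[$rule['resource']] = $rule['privilege'];
                     }
                 }
             }

             // Allow matching is strict: under PHP < 8 a loose compare of
             // '*' with the integer 0 is true, so a numeric key or value
             // would have been read as the wildcard.
             // NOTE(review): a rule on resource '*' counts here whatever its
             // privilege is; confirm that is intended.
             $allowed = array_key_exists('*', $allows)
                 || (isset($allows[$resource]) && $allows[$resource] === '*');

             // An allow from the chain is overridden by a wildcard deny on
             // the requested role itself. The deny compare stays loose so
             // that nothing previously denied becomes allowed.
             $denied = isset($denys[$resource]) && $denys[$resource] == '*';

             if ($allowed && !$denied) {
                 $all['access'] = true;
                 if (isset($iAllows[$resource]) && $iAllows[$resource] === '*') {
                     $all['inheritRoleId'] = $inherit;
                 }
             }

             if (isset($roles[$inherit]['inheritRoleId']) && $roles[$inherit]['inheritRoleId'] != 0) {
                 $inherit = $roles[$inherit]['inheritRoleId'];
                 // The loop otherwise ends only on a missing or zero
                 // inheritRoleId; stop as well when a role repeats, so a
                 // cyclic inheritance chain cannot loop forever.
                 $noInheritance = isset($seen[$inherit]);
             } else {
                 $noInheritance = true;
             }
         }

         $result[$key][$controllerName]['all'] = $all;
         $result[$key][$controllerName]['description'] = "API Docs";
         if (!isset($result[$key][$controllerName]['part'])) {
             $result[$key][$controllerName]['part'] = array();
         }

         // ---- Per-method access --------------------------------------------
         foreach (array('get', 'put', 'post', 'delete') as $action) {
             $part = array(
                 'access' => $hasRole ? $this->isAllowed($role['roleId'], $resource, $action) : false,
                 'description' => strtoupper($action) . ' method for ' . $resource,
                 'inheritRoleId' => 0,
             );
             $ruleName = $resource . '_' . $action;

             // This walk starts at the parent of the requested role.
             $noInheritance = isset($role['inheritRoleId']) && $role['inheritRoleId'] == 0;
             $inherit = isset($role['inheritRoleId']) ? $role['inheritRoleId'] : '';
             $seen = array();

             while (!$noInheritance) {
                 $seen[$inherit] = true;

                 $iAllows = array();
                 $iDenys = array();
                 if (isset($roles[$inherit]['rules'])) {
                     foreach ($roles[$inherit]['rules'] as $rule) {
                         if ($rule['type'] == 'allow') {
                             $iAllows[] = $rule['resource'] . '_' . $rule['privilege'];
                         } else {
                             $iDenys[] = $rule['resource'] . '_' . $rule['privilege'];
                         }
                     }
                 }

                 // Record the nearest ancestor whose rule matches the access
                 // value: a deny when access is false, an allow otherwise.
                 // The original wrote the allow case under
                 // $result[$key][$resource], creating a stray "api_<name>"
                 // entry and leaving the endpoint's own field at 0.
                 $explaining = ($part['access'] == false) ? $iDenys : $iAllows;
                 if ($part['inheritRoleId'] == 0 && in_array($ruleName, $explaining, true)) {
                     $part['inheritRoleId'] = $inherit;
                 }

                 if (isset($roles[$inherit]['inheritRoleId']) && $roles[$inherit]['inheritRoleId'] != 0) {
                     $inherit = $roles[$inherit]['inheritRoleId'];
                     // Same cycle guard as in the wildcard walk above.
                     $noInheritance = isset($seen[$inherit]);
                 } else {
                     $noInheritance = true;
                 }
             }

             $result[$key][$controllerName]['part'][$action] = $part;
         }
     }

     return $result;
 }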